[PS-2251] Implement argon2 kdf (#4468)

* Implement argon2 * Remove argon2 webassembly warning * Replace magic numbers by enum * move packages * cleanup call to argon2 * update call to node argon2 * don't need wasm-eval * revert config changes * Update libs/common/src/enums/kdfType.ts Co-authored-by: Martin Weinelt <mweinelt@users.noreply.github.com> * Update kdfType.ts * apply DEFAULT_PBKDF2_ITERATIONS * checkIfWasmSupported Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com> Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com> Co-authored-by: Martin Weinelt <mweinelt@users.noreply.github.com>
2025-12-06 00:13:28 +00:00 · 2023-01-26 15:20:12 +01:00
parent d02af23b30
commit e055e68991
18 changed files with 343 additions and 107 deletions
--- a/libs/node/src/services/node-crypto-function.service.ts
+++ b/libs/node/src/services/node-crypto-function.service.ts
@@ -1,5 +1,6 @@
 import * as crypto from "crypto";

+import * as argon2 from "argon2";
 import * as forge from "node-forge";

 import { CryptoFunctionService } from "@bitwarden/common/abstractions/cryptoFunction.service";
@@ -28,6 +29,28 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
    });
  }

+  async argon2(
+    password: string | ArrayBuffer,
+    salt: string | ArrayBuffer,
+    iterations: number,
+    memory: number,
+    parallelism: number
+  ): Promise<ArrayBuffer> {
+    const nodePassword = this.toNodeValue(password);
+    const nodeSalt = this.toNodeBuffer(this.toArrayBuffer(salt));
+
+    const hash = await argon2.hash(nodePassword, {
+      salt: nodeSalt,
+      raw: true,
+      hashLength: 32,
+      timeCost: iterations,
+      memoryCost: memory,
+      parallelism: parallelism,
+      type: argon2.argon2id,
+    });
+    return this.toArrayBuffer(hash);
+  }
+
  // ref: https://tools.ietf.org/html/rfc5869
  async hkdf(
    ikm: ArrayBuffer,